From patchwork Thu Mar 2 15:18:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 9600775 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3391360429 for ; Thu, 2 Mar 2017 16:04:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2207B28562 for ; Thu, 2 Mar 2017 16:04:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 14B1D285BB; Thu, 2 Mar 2017 16:04:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F3B3427BE5 for ; Thu, 2 Mar 2017 16:04:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754213AbdCBPgI (ORCPT ); Thu, 2 Mar 2017 10:36:08 -0500 Received: from mail-bl2nam02on0040.outbound.protection.outlook.com ([104.47.38.40]:43952 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751768AbdCBPfA (ORCPT ); Thu, 2 Mar 2017 10:35:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=AqhMb5Av6xcAUInZaXMRtpobp8/hBb9WHcvbcfa0pHQ=; b=b2062z4iKJJKGAZgqpS5lPPTIYSll1bKNEHMUesp193lqKaKHm6wVfLU0URax36zGC+iVs+hdF2JYiP5FSp4eo8VGbbFOEq0uByMgUNY/04JEoQRhHpiW2SEK4YUiH4uSmRBLihYcz/aCulhtHxQol1hBqLwX2TgL37Rz76E/Vo= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none; vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from [127.0.1.1] (165.204.77.1) by DM5PR12MB1610.namprd12.prod.outlook.com (10.172.40.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.947.12; Thu, 2 Mar 2017 15:18:19 +0000 Subject: [RFC PATCH v2 29/32] kvm: svm: Add support for SEV DEBUG_DECRYPT command From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Thu, 2 Mar 2017 10:18:17 -0500 Message-ID: <148846789744.2349.167641684941925238.stgit@brijesh-build-machine> In-Reply-To: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine> References: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CY4PR2201CA0002.namprd22.prod.outlook.com (10.171.208.140) To DM5PR12MB1610.namprd12.prod.outlook.com (10.172.40.16) X-MS-Office365-Filtering-Correlation-Id: 30e1afdd-a4de-4164-0ae4-08d4617f5d7c X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:DM5PR12MB1610; X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1610; 3:FidX9xt9wzs5eMKP1tAxIqHN7rJE6Berwzdw3qHGmRjZQK0tkhLM/J93IKCkYg2xaLBSQkR1No0AgdvI9c5h0PoNuU8TKBW1OMvuYDIpnLAitDWc9uHw4TKTHgSptpuOkTF3jnzraUukM752xdOJx3SmjOyhCmD4oOkNEs7BXQLFhOEUh9T17Ac43wjcUMtKn0ZEdALIF4YtuqtMFkcFLU8ccDdDRkwObJVI+/v/Hpj+4Q6xff+rNUfZ4JbMm9a47tqEX29dJHa4p9cvXGkCBmEChA3EqkMJ89KtPmBQi/Q=; 25:djc7NYsnr/tqQDLNpUEHvPBs1dVPkBADYREBHcMQqpaVvM48tAk1K/YSpSJ+0M8W9/66tGh73aeMp6rc+yYS67u7kceszlln50hT/x7BjPboMW4sernFgxD1q7EW0TDe/EEgvTPzjgB0Rjhfwi+ZrEQBO6XWKYN1v0654bPm//t1prVgaKSwT9pmLLUgm7hAAFbmU8gkj5oW//PNLYcw4mfPcwz/aSNIxW94Wp+Rs8+jWW8SN7tu7i1X3GBnDflXKz62tjrMoAeq1CCVeys+/w1jc/KtDVsFSH0Ih4sAM1FGwCRiJUQN7A29cAaKVAhG96kTcHzDqidISGwN7XPU2wK8jU9Q4WiOot6+bkRQ7whYwBfNK8+VYpxl1s01FFFi8lr97jj8kcgS/IEQpLnhE3Rf9TP0axB20uJnPTDWjWUAn1/NKiXx2imlS1U1tMM8 X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1610; 31:KAYzReMJEnf/83Dgj+oHyNhZWEuZ0AiQTT3FurrSDLe0FbwEuwiVgxdkDIlGvJWHFQY3W51pPEfmKfOV78atmp5GFiCR6ejbgbxPoRIuVY7VpHgl6AoyE3IOesI6rb0deFg5kMdT1YHLytytnhrBahCk5jGZbEsugZTdG1inDArzxoMOR1YafOcfrjvHDmVoILdmupqurLjaqMR63yz/ZaY5nWlMnkWB7kPrhy+xKtDjFKFjggonF/8K7MV0lFRP; 20:xNwI1AoxVgTOtTPTZsAWCJ3ssIGKTXfgp8XGAZmqVPJGt9NDzh8LsEjunFA/H93JyCKoahkpICMQbcOrLFeYv5AqTmkeYJsKRPIn4wJmE7FaSh2zqOAXkxwP67DexlBoRIMaol1rS6Eh94iZFKgTcDAUfZbVH0Fz45sJDH0RViOCPCi6cX/PUaig5z6kYtMpKXoFy4r5f0gc8ZdLmZCq/WdmE0Yvj5Ce+4nqgJEukIpRi/JQOaZfdSHesl/B4cqWceDaYe41ehe6tAUlqCMGZ3oWOxC5YDhYJ+BcWA7WLVKSJyXkJW2M3O30hRJ9LYItdA5wfXcUrmKJnERbNMa6XjZTltmUXk7zuo22OXKxS22+N0qw0XdeG9468D59mBugPRXxdpvFpaAhg8ij9fAyu8PN8t9t+TRkTn91Q4+VkBt63aas2G7Fm8gUhyxChTTJADR2oWXcSp3J1qNBzMPdLoEq1g5jDjxwQsgfnwLxthFFxZhsUefMhxl9H85JqAIm X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(6041248)(20161123555025)(20161123564025)(20161123562025)(20161123558025)(20161123560025)(6072148); SRVR:DM5PR12MB1610; BCL:0; PCL:0; RULEID:; SRVR:DM5PR12MB1610; X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1610; 4:0loAL2mXBdmVDn1sRAl/ewXdl2580aJR/19rmZRNl2FLCgFX4y59DFZ2tuYZF7S7DHksgyiaVm9fQLjMhm5u5VyWWKI0XPNnEVWKiS4OuNSRNLtr0jkXjKh+ruX/mLbPqV2zeogSD75wCnEDTZ2NlLzIPGHdY6bhdsrMaHt2qUv6C5hara349YLInZJxIXOqq802kYyStmfOCThzzBY0gempZHxrN3ObY5NR60vo7l4kxhuDxfT8An4Om8zKOBGMI9IKxluSWFZXic1rc5cS2g2uh1MTg2GkJ9Vi0ynl1iQK3MPssWIqXYdoop1aVYJVa8gDnOVOeI/G8RRt9vEz3E8GU/NJroI2rWP50tN+OBBz2myIOE0+bC/sPhMSCpJB9Ns6YtYZjfcOMHzSHHuR0jKIl3BZeFXvmSlikO8nKd5RImr8l58upXlyZDJHZ6QqsmlxAfewn0u+5hvbv5P8cBz1l/nIVbH215uqQPgUuMhX5NM+QG6ulIhEgp99/yStkCqEhd6pOmRfyqfEtCyAE6zA9Oh1E+zkWxYd0kgCTBPBK+jAweovDY8SlFx1Jg0Yd/BJjQ3tnslpg1yZ0jf3hJSjNy4QYWHJXi9epmb2VP0ndQlljH2plYhpaO2fy6YEZqZTI1OkZvL8gKhX1edN4X9y/NgHTftOGQ/qCORowWM= X-Forefront-PRVS: 023495660C X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(39850400002)(39860400002)(39840400002)(39410400002)(39450400003)(50466002)(2906002)(9686003)(50986999)(76176999)(33646002)(54356999)(7416002)(2201001)(2950100002)(103116003)(7406005)(23676002)(5660300001)(7736002)(4001350100001)(189998001)(83506001)(8676002)(38730400002)(1191002)(305945005)(53936002)(42186005)(6486002)(47776003)(77096006)(230700001)(6116002)(3846002)(33716001)(90366009)(66066001)(86362001)(25786008)(81166006)(92566002)(921003)(84006005)(2101003)(217873001)(83996005)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR12MB1610; H:[127.0.1.1]; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTVQUjEyTUIxNjEwOzIzOitMb0ZBcWtQR3lKYWxCMktOUzBseEZnK0R0?= =?utf-8?B?b1g4SVEvUExyTFljdy8rWDZDZWN6NUhlTFpKQ1Z2M0k5Wm5Kcys0RURNQ3dw?= =?utf-8?B?NlBQM05uN3BiK1prK2ZFK2ZxNEJSQnVBRVgzVFY0Nzd5M3Iya0hrUXRSQVIr?= =?utf-8?B?aGdwbmkzYXBJa2paT1M2T2ROZCt6YzhZWXliSVVQVC9yNi82cCszVkxCU1FD?= =?utf-8?B?WFdhYzIybGlTdFBsTHU3TDRTczM0L1FrN056WnM1RTAvSXIxS3BCa2pKUW5i?= =?utf-8?B?VmRqMVVUd3lpS0srN2xUd2ExQnMvemFHdEllaXdXV0ZrRWw5WWZnc3EzKzVm?= =?utf-8?B?WTF1WUpyWitiNjhOdy9WSGoxVmlKbENreXlNaEkxb2wvYzdRUVo1L1BwQUJW?= =?utf-8?B?QTBuSVZ6RkxveXd1bVA3N2tab0E5dHVyblJ5cjNZQVdqeHJ0NEx6MkZJd3Nw?= =?utf-8?B?YmF6Y29JTDVjT05LWnQ5aVE4V0QxTktwRzBZcWM1c2wzUG5nT1FFc0lrREVG?= =?utf-8?B?NmlhOVViTmYzK3ZXMHVKMzhTTlhIb05VekdpM1orUk5CTmxEOEtwa2l3UXpa?= =?utf-8?B?YXFoSDh6TjFheUZiYXRBRFM1VTBUdTd0cEx5MUtPbUdUTDRVR2hpYndaKzl1?= =?utf-8?B?bWEzMnNNTzdBeFN6cC9mUkc1WFFaU05wS2MwTHBFZHAzNzRaVjE0eDBNNUFr?= =?utf-8?B?M3BPU1VQd1U3NWYrdDZ0Vk1lMjVhVVBvenpZQ0NSek41ZTBLdno3SlV1WGor?= =?utf-8?B?RFFFdFpNenVUcVZnb2h1cnRpeWE3ZjZzTGt4Ym9GV2RVUkJmUkdjNjkvK2o3?= =?utf-8?B?c0h5NVdmUFlSUTEwYjY2MGJyd1pyQ1NFc3lXV05Pa1NCVnNxZ1crSGNROE5a?= =?utf-8?B?dklRYnE5RC9jN0VKdi9tY0FnWm9mcmRIK0d5TlN6RnozanJtc1pES2w3eDRR?= =?utf-8?B?RXlIOGlZVitiK3Ayd1lpQU42ay8rSjEyZGhXTDg4V2NwaDRIR3lpRERIRnly?= =?utf-8?B?TzdQNzUwSTVZbmpCOXRkVVJlM1pQYlU5cVloK0w2L2ZBMUYxZ1VHK3d6azFy?= =?utf-8?B?dnAyOFgvTytqb3VKSHl4d2pVMFZFWlVuSXZURCt1bVREdHBHYVlLMzJLdHh1?= =?utf-8?B?VEErSVRCUFBCeG5HMEhYa0VDWkUyTEVESitIdGRSRVpBUUV3QUlxREVQUUJi?= =?utf-8?B?K2J6V0l4aDVZMzQ5RjVYZFNvQU9nekJqaE9FTVhLTFM4bU4yeXA4VUh3SG1u?= =?utf-8?B?THR6WWp2VHdvVVZ3UEhsVXR0aVpoOTZEa2ttelJRWmFZY2ZQbHlwQUR3eUlu?= =?utf-8?B?Tkc4cXhBMVpwejFOUGhZMWI2R2FkaFJqNTUwSU1KQUtRM3VVWEg3bDlrVFBV?= =?utf-8?B?WEdyVGNONkJTbXFDSXhEeHNYMlRnb045UUJhSlkxS01OQWRwcm9kd0diQkhk?= =?utf-8?B?dWg0eEk2bUJLajlXWUVWRzBzVXE2NzBkdjJsR3pERmlXSXRBb01KNjIvd1pK?= =?utf-8?B?V0VBeDk4SXB6c3RNMjcwSWNnazVONkwycGNHWnMrbzVJK3JPcEgwZjdUYTg4?= =?utf-8?B?WkZqd0ZlcE5aQmVSbnJRUnE5ZW94ZmorVGZWbWVVV2IxMzY1Q3J5WloxTlV0?= =?utf-8?B?WXFyMkFod2h4UG9TNzhWbkdTNUFDNnI2MFIrbVROdWh3YXhCUWtycytvYk4y?= =?utf-8?Q?c4zN1M7RaB3JxIInIH010KQCYx5mn/DkOI1FuMN?= X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1610; 6:eQ1dcqMKo8TLTL7wR3lfp+TAKxEwpCH4T9sxXWIo416ddxgD7swuKNYOfWqlgozwMDoJs5Z7+A+M+60C0HrrAXiGdpn5cqJrJJu55cCdNnIrLuMljUsagW01z3LztUmuLA5Xqe+xZOrCknE742d5Vmm9DF4Oaddt7PBzX3XgNTYBe2j1tKxnseZHUOQ4wqPbFCDxFlQxsI+LhDy1NBEVOkW4pdO7+x9urOibDJrqLAVg6R8vwCGxDjXrXqLv1wvRoEyd7frYMOfNGrzl265w1zZaAtSbaEuWt3O5zxG5socNBj9ha4IyCKz2zguOkmQzPQqf37yIJGILwV02AvERVTTUnfSSMBA8OhJxYTCpb+6eDoTjMvan4pki3yh3l4b0tDe+343NyV5+VH3gs+cLB+I3IiwQyjha4zQanZeb1Ik=; 5:S0/3TC8KKNK9GxILwoo+3nWiNrcU6EFPrQeWjTF/jP5wE5xkhbbsYU3CvgZ96kYcqhGlPGOacCkzdTVL7cNh3779/KnyBofgPcIzPVjrDRE6BW9QUbWEwJjdTBFXOfv0Bn7LT9k3i5CmO+OwY3JQ4w==; 24:eormxc24RLYKj2yWUjouGRWn4qsgJ1RZwj4UQsU0qkrSq8m+pPPB/JWo9YQ66h59cQpaS0Y2pc2vL0CoFPcN+N9GbX3hi3yRKuU5OseuGBs= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1610; 7:d/8d6HpfVC/HO4nbiwwDl2k2CRTqzakwCoDWoDBxZgys9xZu4fnFggbZAf462Vciaob+Q/iXGwQvAVvgMnuSjMN0u20P0sAsunl+V0tytoYi6VirbHw6UukjvHeE1w/CsGOxaAGg+tiUrDp9O+qz5WQ+X2IbqECXwxQz4aTTU5mDHlALEJTwWdnqCH2XqfPRFipvkpTsO3QO5w89kL6ceWsPzpC8ny2PhhCJXfO0i2b5SLLfzvgiNuvl/egLNFcQNPq5DaQuGzH27Lk1jmFpPl0sbQdaXPBrh83iMXej1OFk9vKcMcnwMJiMB4hXmJtLo3BqWTA6YpED50TGQHJu8Q==; 20:kSsvLMWL/grbD+/A7KJkiCjq7CeU3HG27vQaa7SEuE7e5xRmL4lfo0bS0uqs5yz8S2ll37mZEcRsZhXs5dak84vEdwpVo9+V6Vu3aY19g8zPolkbBJTRQ1Ch+YJbBv6btaqu4m3So1kGikYm6zCV/nJoqA/Oeut75Ybr7R17QRtd6QjFsJtE4BmVnNtAl2p0tir8dxf+HpuS0eR+Lzl165IpiFdNNsTknk8/ZJj6t0mPg5Lfimc2zYorx+JmIlOI X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2017 15:18:19.8242 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1610 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The command is used to decrypt guest memory region for debug purposes. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 977aa22..ce8819a 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -5986,6 +5986,78 @@ static int sev_guest_status(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int __sev_dbg_decrypt_page(struct kvm *kvm, unsigned long src, + void *dst, int *error) +{ + int ret; + struct page **inpages; + struct sev_data_dbg *data; + unsigned long npages; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + inpages = sev_pin_memory(src, PAGE_SIZE, &npages); + if (!inpages) { + ret = -ENOMEM; + goto err_1; + } + + data->handle = sev_get_handle(kvm); + data->dst_addr = __psp_pa(dst); + data->src_addr = __sev_page_pa(inpages[0]); + data->length = PAGE_SIZE; + + ret = sev_issue_cmd(kvm, SEV_CMD_DBG_DECRYPT, data, error); + if (ret) + printk(KERN_ERR "SEV: DEBUG_DECRYPT %d (%#010x)\n", + ret, *error); + sev_unpin_memory(inpages, npages); +err_1: + kfree(data); + return ret; +} + +static int sev_dbg_decrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + void *data; + int ret, offset, len; + struct kvm_sev_dbg debug; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(&debug, (void *)argp->data, + sizeof(struct kvm_sev_dbg))) + return -EFAULT; + /* + * TODO: add support for decrypting length which crosses the + * page boundary. + */ + offset = debug.src_addr & (PAGE_SIZE - 1); + if (offset + debug.length > PAGE_SIZE) + return -EINVAL; + + data = (void *) get_zeroed_page(GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* decrypt full page */ + ret = __sev_dbg_decrypt_page(kvm, debug.src_addr & PAGE_MASK, + data, &argp->error); + if (ret) + goto err_1; + + /* we have decrypted full page but copy request length */ + len = min_t(size_t, (PAGE_SIZE - offset), debug.length); + if (copy_to_user((uint8_t *)debug.dst_addr, data + offset, len)) + ret = -EFAULT; +err_1: + free_page((unsigned long)data); + return ret; +} + static int amd_memory_encryption_cmd(struct kvm *kvm, void __user *argp) { int r = -ENOTTY; @@ -6013,6 +6085,10 @@ static int amd_memory_encryption_cmd(struct kvm *kvm, void __user *argp) r = sev_guest_status(kvm, &sev_cmd); break; } + case KVM_SEV_DBG_DECRYPT: { + r = sev_dbg_decrypt(kvm, &sev_cmd); + break; + } default: break; }